• davel@lemmy.ml
    link
    fedilink
    English
    arrow-up
    131
    arrow-down
    5
    ·
    3 months ago

    I don’t know why people keep attributing privacy to Lemmy when ActivityPub is anything but.

    • OsrsNeedsF2P@lemmy.ml
      link
      fedilink
      arrow-up
      47
      arrow-down
      3
      ·
      3 months ago

      Is ActivityPub logging which IP I post from? Is ActivityPub monitoring which communities I view? Is ActivityPub blocking me from browsing with my VPN on?

      • davel@lemmy.ml
        link
        fedilink
        English
        arrow-up
        59
        arrow-down
        15
        ·
        3 months ago

        Is ActivityPub logging which IP I post from?

        That depends on the implementation.

        Is ActivityPub monitoring which communities I view?

        That depends on the implementation.

        Is ActivityPub blocking me from browsing with my VPN on?

        That—believe it or not—depends on the implementation.

        • puppy@lemmy.world
          link
          fedilink
          arrow-up
          48
          arrow-down
          7
          ·
          edit-2
          3 months ago

          We already have an implementation. You me and OP are all on Lemmy. So can you answer these in the context of Lemmy again?

          • davel@lemmy.ml
            link
            fedilink
            English
            arrow-up
            33
            arrow-down
            4
            ·
            edit-2
            3 months ago

            I actually can’t answer them, because I only admin this instance, I don’t run it.

            While I’m sure this is not the case, it’s entirely possible that the people who do run this instance are running a fork of it that does all of those things. It couldn’t log your IP address or block your VPN, but it could mine, and your instance could yours. And I haven’t read the Lemmy source code, so I don’t know what even an unmodified Lemmy logs.

            (Actually this instance is running a fork right now, or rather a branch: 0.19.6-beta1, because lemmy.ml is the core Lemmy developers’ instance for testing beta code before releasing production versions.)

            • GoodEye8@lemm.ee
              link
              fedilink
              English
              arrow-up
              20
              arrow-down
              2
              ·
              3 months ago

              But you can read the source code and get an understanding of whether it is collecting private information or not. You can theoretically also fork the code and make your own version of Lemmy where you’re ripped out the parts that collect private information. Can you do any of those things with Reddit? Absolutely not. You have no idea what exactly Reddit collects and even if you did you have no control over that collection.

              What you’re doing is questioning the privacy aspect without putting in the effort to check if your questioning is valid. Nobody is preventing you from reading the source code. And if you don’t trust anyone else running the instance you can fork Lemmy, make whatever privacy changes you need and host your own instance. That goes beyond the capabilities of the average user but that’s the catch with privacy, if you can’t trust others then you have to learn more to get by without others.

          • TechNerdWizard42@lemmy.world
            link
            fedilink
            arrow-up
            8
            ·
            3 months ago

            Many Lemmy instances block VPN posting. You can view, but not vote or post. I have a secondary private VPN I use sometimes for that. But honestly the whole thing just sucks.

        • JackbyDev@programming.dev
          link
          fedilink
          English
          arrow-up
          3
          ·
          3 months ago

          ActivityPub does not share your IP with other instances, but of course, like all websites, your home instance can see your IP.

      • growingentropy@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        16
        arrow-down
        1
        ·
        3 months ago

        I got off lemmy.world because they block VPN connections. Not happening, under any circumstances. I don’t trust anyone that much.

    • Serinus@lemmy.world
      link
      fedilink
      arrow-up
      42
      arrow-down
      1
      ·
      3 months ago

      And generally that’s fine. If you’re posting stuff publicly, expect it to be public.

      Lemmy gives away for free what Reddit is desperately trying to put up walls on so they can sell it, but I wouldn’t call it “private” because it’s monetized.

      Lemmy is the opposite of privacy, and that just makes sense if you 🤔.

      • JackbyDev@programming.dev
        link
        fedilink
        English
        arrow-up
        4
        ·
        3 months ago

        I desperately want all my posts on all forum like sites to be easily indexable by search engines. That Reddit blocked other search engines besides Google from indexing is crazy.

      • Un4@lemm.ee
        link
        fedilink
        arrow-up
        11
        ·
        3 months ago

        In terms of privacy reddit has it better(still bad but better than Lemmy) because your content is locked behind a paywall only few companies can access. On the other hand, any one can train their AI on Lemmy posts and access all history of all users freely. The difference is that on lemmy only the companies that collect your data profit, while on reddit also the owners of the platform (reddit itself) profit.

      • wizardbeard@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        9
        ·
        3 months ago

        No, it’s just open free for the taking by anyone who decides to spin up their own instance, or to anyone who decides to scrape from an instance frederated with yours without robots.txt set against web scrapers. Hosters could even intentionally break federation to prevent deletions from syncing.

        I love lemmy, but privacy is not one of its features.

        • davel@lemmy.ml
          link
          fedilink
          English
          arrow-up
          4
          ·
          3 months ago

          Any script kiddie can scrape the entirety of Lemmy, with the exception of direct/private messages. robots.txt is merely a request, with no enforcement capability.

    • Salvo@aussie.zone
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      2
      ·
      3 months ago

      That was what I was going to say.

      That said, if someone detects some sort of data-mining plagiarism bot sucking down everything on an instance, it can be defederated very quickly.

    • mexicancartel@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      3 months ago

      See, the app won’t track your clicks, views, interests. Only public thing is the thinh you post. Which is great for public communities. Theese are meant to be public. But things facebook or reddit or google does is enough to call lemmy private

    • vonxylofon@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      3 months ago

      The amount of magical thinking around federated protocols both on Lemmy and Mastodon is astounding. Sure, design decisions make a difference, but federations gonna federate.